2016-04-22

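I found out something about user registration and passwords on my system. When I create a new user, I hash the password via bcrypt. Everything is saved to the database, but recently I found that I can't log in with newly created users. I guess something is wrong with the password.

Password is wrong at registration, but works when the password is changed.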

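Strangely, when I go through forgot password with this user and set a new password, I am able to log in. User registration and forgot password use the same hashing system. This is the registration process and how the password is saved: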

This -> I can't log in after registration.

// included db connection, password hash file etc.. 

//hash the password 
$hashedpassword = $user->password_hash($_POST['user_password'], PASSWORD_BCRYPT); 

    if(!isset($error)){ 

     try { 

      $stmt = $pdo->prepare('INSERT INTO users (user_username, user_password, user_email) VALUES (:user_username, :hashedpassword, :user_email)'); 

      $stmt->execute(array(
       ':user_username' => $_POST['user_username'], 
       ':hashedpassword' => $hashedpassword, 
       ':user_email' => $_POST['user_email'] 
      )); 

     } catch(PDOException $e) { 
       var_dump ($e->getMessage()); 
       exit; 
     } 
    } 
    // html part 
    <div class="form-group"> 
     <label class="control-label col-sm-2" for="password">Password:</label> 
     <div class="col-sm-10"> 
     <input type="password" class="form-control" name="user_password" id="user_password" placeholder="Enter password"> 
     </div> 
</div> 

Password reset. This -> I can log in after the password change.

if(!isset($error)){ 

    //hash the password 
    $hashedpassword = $user->password_hash($_POST['user_password'], PASSWORD_BCRYPT); 

    try { 

     $stmt = $pdo->prepare("UPDATE users SET user_password = :hashedpassword, resetComplete = 'Yes', active='Yes' WHERE resetToken = :token"); 
     $stmt->execute(array(
      ':hashedpassword' => $hashedpassword, 
      ':token' => $row['resetToken'] 
     )); 

     //redirect to index page 
     header('Location: index.php?action=resetAccount'); 
     exit; 

    //else catch the exception and show the error. 
    } catch(PDOException $e) { 
     $error[] = $e->getMessage(); 
    } 

} 
<div class="input-group input-group-lg"> 
    <span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span> 
     <input type="password" class="form-control" name="user_password" id="user_password" placeholder="Enter your new password"/> 
</div> 
<div class="input-group input-group-lg"> 
    <span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span> 

     <input type="password" class="form-control" name="passwordConfirm" id="passwordConfirm" placeholder="Re-enter your new password" /> 
</div> 

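I don't see any difference. They both use the same database connection, the same database table, and the same password hash file. I don't know what to do.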

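Update: the database field for the password is VARCHAR(120), so it has enough room for the hash. Also, I'm sure everything worked 1-2 weeks ago, because I created some accounts. I didn't change anything, and now I can't log in.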

UPDATE2 (works perfectly): user.php ..

include('password.php'); 
$pdo = Database::connect(); 
class User extends Password{ 

private $_db; 

function __construct($pdo){ 
    parent::__construct(); 

    $this->_db = $pdo; 
} 
private function get_user_hash($username){ 

    try { 
     $stmt = $this->_db->prepare("SELECT user_password FROM users WHERE user_username = :username AND active='Yes'"); 
     $stmt->execute(array('username' => $username)); 

     $row = $stmt->fetch(); 
     return $row['user_password']; 

    } catch(PDOException $e) { 
     echo '<p class="bg-danger">'.$e->getMessage().'</p>'; 
    } 
} 

public function login($username,$password){ 

    $hashed = $this->get_user_hash($username); 

    if($this->password_verify($password,$hashed) == 1){ 

     $_SESSION['loggedin'] = true;   
     return true; 
    } 
} 

index.php, where the login form is:

//html part 
<div class="input-group input-group-lg"> 
    <span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span> 

    <input type="password" class="form-control" name="password" id="password" placeholder="password" /> 
</div> 

// php part 
// include database, user.php 
if(isset($_POST['submit'])){ 

$username = $_POST['username']; 
$password = $_POST['password']; 

if($user->login($username,$password)){ 

      $id=$user->login_user_id($username);// get user id 
      $permissions=$user->login_user_permissions($username);// get user role 


     $_SESSION['user_id'] = $id;// assign user_id to session 
     $_SESSION['user_username'] = $username; 
     $_SESSION['user_role'] = $permissions; 
    header('Location: admin/index.php'); 
    exit; 

} else { 
    header('Location: index.php'); 
    echo ''; 

} 
} 
+0

Add the code where you try to log in with the password and user credentials –

+0

I forgot it.. sorry. Just a second. –

+0

Is '$user->password_hash()' a pass-through to 'password_hash()'? – Scuzzy

Answer

0

In the registration form you do this:

$stmt = $pdo->prepare('INSERT INTO users (user_username, user_password, user_email) VALUES (:user_username, :hashedpassword, :user_email)'); 

Then in the login form, where you verify the password, I noticed that the SELECT also checks the field active .. AND active='Yes' ...

$stmt = $this->_db->prepare("SELECT user_password FROM users WHERE user_username = :username AND active='Yes'"); 

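In the password change part, you update this same field, active='Yes' ...

So check in your registration form whether or not you set this column in the database. Or do you put some default value?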

+0

You are right. I did not set "active" when registering the user. So when he tried to log in, the check did not pass. Stupid mistake.. I can't believe it. –
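
The cause identified in the answer, reproduced as an added example (not code from the original post or its authors): registration omits active, the login query filters on active='Yes', and the reset path sets it. Assumptions: an in-memory SQLite table (pdo_sqlite) stands in for the real database, active defaults to 'No', PHP's built-in password_hash()/password_verify() replace the poster's Password class, and login_failure_reason() is a hypothetical helper.

```php
<?php
// Added example. Constructed schema and data; in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumption: 'active' falls back to 'No' when an INSERT omits it.
$pdo->exec("CREATE TABLE users (
    user_username TEXT PRIMARY KEY,
    user_password VARCHAR(120) NOT NULL,
    active        VARCHAR(3) NOT NULL DEFAULT 'No')");

// Registration as in the question: the column list has no 'active'.
function register_as_posted(PDO $pdo, string $user, string $pass): void {
    $stmt = $pdo->prepare('INSERT INTO users (user_username, user_password) VALUES (:u, :h)');
    $stmt->execute([':u' => $user, ':h' => password_hash($pass, PASSWORD_BCRYPT)]);
}

// Same query as the question's get_user_hash(): the active filter hides the new row,
// so even the correct password fails.
function login_as_posted(PDO $pdo, string $user, string $pass): bool {
    $stmt = $pdo->prepare("SELECT user_password FROM users WHERE user_username = :u AND active='Yes'");
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['user_password']);
}

// Hypothetical diagnostic helper: separates the three failure causes.
// Write the reason to a server-side log only; the login form should show one generic message.
function login_failure_reason(PDO $pdo, string $user, string $pass): string {
    $stmt = $pdo->prepare('SELECT user_password, active FROM users WHERE user_username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return 'no such user'; }
    if (!password_verify($pass, $row['user_password'])) { return 'hash mismatch'; }
    return $row['active'] === 'Yes' ? 'none' : 'account not active';
}

register_as_posted($pdo, 'alice', 'constructed-pass-1');
printf("after registration: login=%s reason=%s\n",
    var_export(login_as_posted($pdo, 'alice', 'constructed-pass-1'), true),
    login_failure_reason($pdo, 'alice', 'constructed-pass-1'));

// The reset path in the question also sets active='Yes' (keyed by username here, not resetToken).
$stmt = $pdo->prepare("UPDATE users SET user_password = :h, active='Yes' WHERE user_username = :u");
$stmt->execute([':h' => password_hash('constructed-pass-2', PASSWORD_BCRYPT), ':u' => 'alice']);
printf("after reset: login=%s reason=%s\n",
    var_export(login_as_posted($pdo, 'alice', 'constructed-pass-2'), true),
    login_failure_reason($pdo, 'alice', 'constructed-pass-2'));
```

Whether registration should write active='Yes' directly or leave that to an activation step is a design decision for the site; either way the INSERT and the login query have to agree on the column.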